Running Your Own Open Source Email Server: Administering iRedMail

This is part two of a tutorial series for Running Your Own Open Source Email Server. In this tutorial, I'll guide you through configuring and customizing iRedMail's administrative back-end console, iRedAdmin. You can use iRedAdmin to add domains, manage users and more. I'll also cover how to configure your DNS records to help your server coexist well with other mail servers and their spam filters.

Administering iRedMail With iRedAdmin

As we touched on briefly in part one, iRedAdmin is the free back-end administrative console for iRedMail. It's designed to help you only with the basics of managing your mail server. A more feature-rich premium version, iRedAdmin-Pro, is available from the iRedMail team.

You don't need to upgrade and I'm not encouraging you to, but here are some of the basics about the Pro edition:

The Premium Alternative: iRedAdmin Pro

Here's a portion of the feature comparison between the free and pro versions:

Adding a Domain

If we want our mail server to receive email for multiple domains, we can visit the Domains and Accounts page:

Click Add Domain and add your new domain name:

You'll be taken to the domain view page:

And, your new domain will appear back on the Domains list:

Of course, you'll need to add MX records with your domain name registrar for your new domain to route email to your iRedMail server. Here's an example:

lookahead.io. 1800 MX red.lookahead.me. 10

Adding Users

From the Domains and Accounts page, click Add Users and provide the mailbox information for your next user:

When you add them, you'll be taken to the User View page:

You can make a new user an Administrator by clicking Global Admin.

If you return to the Domains and Accounts page and click on the Domain view icon, you can then click on the Users thumbnail menu to see the users associated with the domain:

And you can manage administrators with the Admin tab:

Configuring Catch-All User

I recommend you set up a catch-all mailbox with your iRedMail server. Whenever I sign up at websites, I use websitename@mydomain.com as the email registration address. This helps somewhat with minimizing the data mining between advertising services by email address. It can also help you identify the source of spam generated from third parties. I describe a few more ways to enhance personal privacy here.

You must configure this manually via the database in the free version of iRedAdmin.

Follow these steps to configure a catch-all mailbox for your domain. Log in to your iRedMail server instance. Then, log in to mysql with your administrator password (also in the iRedMail.tips file listed above):

mysql -u root -p

From MySQL, for each domain, provide the forwarding mailbox address to deliver to:

Configuring Mail Server Domain Records (DNS)

If you read So You'd Like to Send Some Email (Through Code), which I linked to in the last tutorial, you likely saw that mail servers now require a number of DNS settings to help them filter out likely spammers. To ensure the reliable delivery of mail from our own server, there are a few DNS settings we will want to customize.

Set Up a Reverse PTR Record

The most common use of PTR record lookups is by spam filters. The idea is that fly-by-night spammers who send e-mails using fake domains generally will not have an appropriate reverse PTR record set up in the ISP's DNS zone, so spam filters use this criterion to detect spam. If your domain does not have an appropriate reverse PTR record set up, then chances are that email spam filtering software MIGHT block e-mails from your mail server.

Reverse PTR records are configured by the owner of the IP address you're using, so this is likely your hosting provider. For example, in my case it's Digital Ocean, which configures your Reverse PTR automatically based on your server's hostname. Consult your hosting provider to determine the best way to configure your own Reverse PTR.

If you're receiving mail for multiple domains, setting up the Reverse PTR record with a hosting provider may be more complicated.
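A common form of the PTR test is forward-confirmed reverse DNS: the IP's PTR name must resolve back to the same IP and should equal the name the server announces in HELO/EHLO. The sketch below is an added example, not part of the original tutorial; the address 203.0.113.10 and the lookup tables are constructed sample data, and `table_lookup` and `fcrdns_check` are hypothetical names.

```python
import socket

# Constructed sample data: 203.0.113.10 is a documentation address; the
# hostname is the one used in this tutorial's MX example.
SAMPLE_PTR = {"203.0.113.10": "red.lookahead.me."}
SAMPLE_A = {"red.lookahead.me": ["203.0.113.10"]}


def table_lookup(table):
    """Build an offline resolver from a dict; a miss raises like a DNS failure."""
    def lookup(key):
        if key not in table:
            raise OSError("no record for " + key)
        return table[key]
    return lookup


def fcrdns_check(ip, helo_name, ptr_lookup=None, a_lookup=None):
    """Forward-confirmed reverse DNS check for a sending mail server.

    Returns the PTR name, whether that name resolves back to the same IP,
    and whether it equals the name the server announces in HELO/EHLO.
    """
    # Default to live DNS through the system resolver (IPv4 only).
    ptr_lookup = ptr_lookup or (lambda addr: socket.gethostbyaddr(addr)[0])
    a_lookup = a_lookup or (lambda name: socket.gethostbyname_ex(name)[2])
    result = {"ptr": None, "forward_confirmed": False, "matches_helo": False}
    try:
        ptr = ptr_lookup(ip).rstrip(".").lower()
    except OSError:  # socket.herror / gaierror: no PTR record at all
        return result
    result["ptr"] = ptr
    try:
        result["forward_confirmed"] = ip in a_lookup(ptr)
    except OSError:  # PTR points at a name that does not resolve
        pass
    result["matches_helo"] = ptr == helo_name.rstrip(".").lower()
    return result


if __name__ == "__main__":
    print(fcrdns_check("203.0.113.10", "red.lookahead.me",
                       table_lookup(SAMPLE_PTR), table_lookup(SAMPLE_A)))
```

Called with only `ip` and `helo_name`, the function queries live DNS, so you can point it at your own server's address and hostname.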

Set Up DomainKeys Identified Mail (DKIM)

With DKIM, you "sign" every email you send with your private key, a key only you could possibly know. The receiving server can verify this by checking the signature against the public key stored in your public DNS records.
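To make the verification side concrete, here is an added example (not from the original tutorial) of the first things a receiver does with a DKIM-Signature header: work out which DNS name holds the public key and recompute the body hash (`bh=`) under RFC 6376 canonicalization. The selector `dkim`, the sample message and the `b=` value are constructed placeholders, and the public-key check of `b=` over the signed headers is left out.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Split a DKIM tag=value list (signature header or DNS TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body, mode):
    """RFC 6376 body canonicalization: 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of spaces/tabs, drop trailing ones
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at end of body
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body, mode):
    """Base64 SHA-256 of the canonicalized body, as carried in bh=."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def key_record_name(tags):
    """DNS name of the TXT record that publishes the public key (p= tag)."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])

def body_hash_ok(header_value, body):
    """Recompute bh= from the received body and compare with the header."""
    tags = parse_tags(header_value)
    if tags.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        return False  # rsa-sha1 and unknown algorithms are not accepted here
    # c= is header/body; a missing body part defaults to "simple".
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    return body_hash(body, mode) == tags.get("bh")

# Constructed sample: selector "dkim" and the b= value are placeholders.
SAMPLE_BODY = b"Hello  from red.lookahead.me \r\n\r\n"
SAMPLE_HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=lookahead.io; s=dkim; "
                 "h=from:to:subject; bh=%s; b=PLACEHOLDER"
                 % body_hash(SAMPLE_BODY, "relaxed"))
```

A body altered in transit fails this comparison before any public-key operation runs, while relaxed canonicalization tolerates the whitespace rewriting that relays commonly perform.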

Securing Your Server

Next, let's double check that your SMTP server is not open to the public, i.e. exposed to spammers. Visit a tool like SpamHelp's Open Relay Test:

Enter your mail hostname or IP address and click Test. We want to see the "Error - could not connect to server" result. This ensures that our SMTP server is NOT open to spammers.

A Note on Backups

Your e-mail is vitally important to you. Make sure you back up your server. There are a number of approaches to this which I won't delve into here. For example, my provider Digital Ocean offers automated backups for a small surcharge on each droplet or instance. If you're using Amazon AWS, Skeddly provides automated backups as a service. AWS's RDS database instances provide automated backups on their own. You can also explore backing up email through mail protocols—see GMail and IMAP backup services.

Keep in mind that each backup you create introduces potential security vulnerabilities and additional attack vectors that hackers can use to reach your email.